search
githubEdit

Webserver scanning

hashtag
Related

TCP 80, 443: HTTP(S)

hashtag
Common wordlists

SecLists by Daniel Miesslerarrow-up-right

General

  • /usr/share/seclists/Discovery/Web-Content/common.txt

  • /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

CGI

  • /usr/share/seclists/Discovery/Web-Content/CGIs.txt

SharePoint

  • /usr/share/wordlists/SecLists/Discovery/Web_Content/sharepoint.txt

hashtag
gobuster

GitHub - OJ/gobusterarrow-up-right - Directory/File, DNS and VHost busting tool written in Go

gobuster dir -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e -o gobuster -t 50 -u <host>

hashtag
File extensions

IIS

Apache / nginx

hashtag
wfuzz

GitHub - xmendez/wfuzzarrow-up-right - Web application fuzzer

hashtag
fuff

Fast web fuzzer written in Go. fuffarrow-up-right

Enumerate usernames

Brute force passwords

hashtag
nikto

GitHub - sullo/niktoarrow-up-right - Web server scanner

hashtag
dotdotpwn

GitHub - wireghoul/dotdotpwnarrow-up-right - The Directory Traversal Fuzzer

hashtag
dirb

DIRBarrow-up-right is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.

hashtag
DirBuster

DirBusterarrow-up-right is a multi threaded java application designed to brute force directories and files names on web/application servers.

hashtag
Web application firewall (WAF) detection

You can use wafw00f to detect web application firewalls (WAFs).

hashtag
wappalyzer (firefox add-on)

See Firefox extensions

PreviousPort scanningNextExploit detection

Last updated